Högskolan i Skövde

Purpose – Digital mobile radio communication networks are used for coordinating operations in manyimportant sectors, including critical infrastructures and large industries. Despite this, there is a dearth ofknowledge about how their information security is managed. The most commonly used standard for suchnetworks is TETRA. Given the critical role of TETRA networks, this study aims to clarify how they are used,how their users manage information security and the implications of vulnerabilities in the standard.

Design/methodology/approach – The study is based on semi-structured interviews with representativesfrom 11 organizations in Sweden that own and operate TETRA networks, representing 32% of registered usersin the country and a wide range of users and applications. Thematic analysis was used to analyze the data.

Findings – Management of TETRA networks is generally outsourced, leaving TETRA network owners withscant knowledge of the state of security in their networks. Although organizations have high demands onavailability and integrity, the use of encryption and authentication is rare. Instead, users generally rely on theprotocol’s complexity and obscurity for security. Because organizations’ core operations are often dependenton functioning TETRA networks, attacks can have severe consequences.

Originality/value – Previous research on security in digital mobile radio communication networks hasfocused on technical vulnerabilities in standards. This study is the first, to the best of the authors’ knowledge,to investigate users’ approaches to information security, the potential consequences of attacks and theimplications of known security issues in this context.